[Internal]: Elastic Defend runscript response action and Script library #5376

@raqueltabuyo

Description

Elastic Security introduces the runscript response action, which allows security analysts to execute predefined scripts on endpoints directly from the Elastic Security Response console.

This functionality enables organizations to create and maintain a Script Library where commonly used investigation or remediation scripts can be stored and executed remotely on endpoints through the Elastic Defend runscript response action. Scripts can be reused across investigations and response workflows, improving efficiency and standardizing response procedures.

The documentation should explain how analysts can:

  • Execute scripts as a response action from the Elastic Security Response console
  • Manage and maintain scripts within the Script Library

Resources

https://github.com/elastic/security-team/issues/12983
https://github.com/elastic/endpoint-dev/issues/17109

Which documentation set does this change impact?

Elastic On-Prem and Cloud (all)

Feature differences

Identical in all deployments

  • The runscript response action enables direct execution of scripts on endpoints.
  • The Script Library provides centralized storage and reuse of scripts across investigations and response workflows.

What release is this request related to?

9.4

Serverless release

In conjunction with 9.4

Collaboration model

The documentation team

Point of contact

Main contact: @raqueltabuyo

Stakeholders: @dasansol92 @paul-tavares @ashokaditya

Metadata

Labels

Team:Experience (Issues owned by the Experience Docs Team)
